Note: Kandji has been rebranded as Iru. This documentation references "Kandji" as that remains the current API naming convention. All functionality works identically with the Iru platform.
npm installCreate a .env file in the project root:
KANDJI_API_TOKEN=your_api_token_here
KANDJI_SUBDOMAIN=your_subdomain
KANDJI_REGION=us # or 'eu' for European regionImportant: Ensure your API token has ALL permissions enabled in Kandji console.
npm run buildnpm run devnpm startComplete Setup Guide: See ../config/README.md
Quick steps:
- Build the server (from previous step)
- Copy example config:
cp config/claude_desktop_config.example.json ~/Desktop/ - Edit the file with your Kandji credentials
- Add to Claude Desktop config at
~/Library/Application Support/Claude/claude_desktop_config.json - Restart Claude Desktop
The server will start automatically when Claude Desktop launches.
npm test # Run Jest unit tests (61 tests)
npm run test:watch # Run tests in watch mode
npm run test:coverage # Generate coverage report# Run all integration tests
npm run test:integration
# Run specific test suites
npm run test:tags # Tags management
npm run test:users # User management
npm run test:vulnerabilities # Vulnerability management
npm run test:threats # Threat detection
npm run test:licensing # Licensing information
npm run test:all # Comprehensive all-tools testThe server provides 23 MCP tools across 6 categories:
search_devices_by_criteria- Search and filter devicesget_device_details- Get detailed device informationget_device_activity- Device activity historyget_device_apps- Installed applications listget_device_library_items- Library items and statusesget_device_parameters- Parameters for macOS devicesget_device_status- Comprehensive device statusget_device_lost_mode_details- Lost mode for iOS/iPadOSexecute_device_action- Device actions (lock, restart, erase)
get_compliance_summary- Organization compliance overviewlist_audit_events- Audit log events
list_blueprints- List all blueprintsget_tags- Get tags with optional search
list_users- List users with filtersget_user- Get specific user details
list_vulnerabilities- List CVE vulnerabilitiesget_vulnerability_details- Get CVE detailslist_vulnerability_detections- Vulnerability detectionslist_affected_devices- Devices affected by CVElist_affected_software- Software affected by CVElist_behavioral_detections- Behavioral threat detections
get_threat_details- Detailed threat informationget_licensing- Licensing and utilization
For detailed documentation, see TOOLS.md.
npm run test:tagsExpected Output:
- Lists all configured tags
- Tests search functionality
- Validates cache behavior
npm run test:usersExpected Output:
- Lists all users
- Filters by archived status
- Gets individual user details
- Tests error handling
npm run test:vulnerabilitiesExpected Output:
- Lists all vulnerabilities
- Filters by severity
- Gets CVE details
- Lists affected devices and software
- Tests pagination
npm run test:threatsExpected Output:
- Lists behavioral detections
- Gets threat details
- Filters by classification and status
- Tests combined filters
Problem: API token lacks permissions Solution:
- Log into Kandji console
- Generate new API token with ALL permissions
- Update
.envfile with new token
Problem: TypeScript compilation fails Solution:
# Clean build
rm -rf dist/
npm run buildProblem: Connection timeouts Solution:
- Verify
KANDJI_SUBDOMAINis correct - Check internet connectivity
- Verify region setting (us/eu)
Problem: Stale data being returned Solution: Restart the server to clear in-memory cache
All tools return a standardized response envelope:
{
"success": true,
"summary": "Found 15 users",
"table": {
"columns": ["Email", "Name", "Status"],
"rows": [
{"Email": "user@example.com", "Name": "John Doe", "Status": "Active"}
]
},
"data": { /* Full API response */ },
"metadata": {
"totalCount": 15,
"elapsedMs": 245,
"cached": false,
"source": "Kandji API"
},
"suggestions": [
"Use filters to narrow results",
"Check individual items for details"
]
}{
"success": false,
"errors": [{
"category": "auth",
"message": "Invalid API token",
"recovery": [
"Verify KANDJI_API_TOKEN in .env file",
"Regenerate API token in Kandji settings"
]
}],
"metadata": {
"elapsedMs": 125,
"cached": false,
"source": "Kandji API"
}
}To maximize cache performance:
- Query the same data repeatedly within TTL windows
- Use broader filters first, then narrow down
- Avoid random device/user ID queries
# Good: List users once, then get specific users
1. list_users → cache hit for 5 minutes
2. get_user(id1) → cache hit for 5 minutes
3. get_user(id2) → cache hit for 5 minutes
# Not optimal: Different queries each time
1. get_user(random_id1)
2. get_user(random_id2)
3. get_user(random_id3)| Tool | TTL | Best For |
|---|---|---|
| Tags | 30 min | Infrequent changes |
| Users | 5 min | Moderate updates |
| Vulnerabilities | 2 min | Security monitoring |
| Threats | 2 min | Real-time detection |
| Licensing | 1 hour | Billing/admin |
- ✅ Run
npm run test:integrationto verify all tools work - ✅ Review test output for any permission issues
- ✅ Update API token if needed
- ✅ Integrate with Claude Desktop
- ✅ Start using MCP tools for device management
- TEST_SUITE.md - Comprehensive test documentation
- IMPLEMENTATION_SUMMARY.md - Technical implementation details
- docs/API_REFERENCE.md - Full Kandji API reference
- CLAUDE.md - Development guidelines
For issues or questions:
- Check error messages and recovery suggestions
- Review documentation files
- Verify .env configuration
- Ensure API token has full permissions
- Check Kandji API status
Ready to use! Run npm run test:integration to get started.